Skip to content

fix(pii): listen on 5001 to avoid app :3000 collision (awsvpc) #5182

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
TheodoreSpeaks merged 2 commits into from
Jun 23, 2026
+5 −3
Merged

fix(pii): listen on 5001 to avoid app :3000 collision (awsvpc) #5182

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
52c2561
fix(pii): bind a configurable $PORT to avoid app :3000 collision
TheodoreSpeaks Jun 23, 2026
45a1694
fix(pii): hardcode port 5001 (drop $PORT indirection)
TheodoreSpeaks Jun 23, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 5 additions & 3 deletions docker/pii.Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,11 +38,13 @@ RUN groupadd -g 1001 pii && \
chown -R pii:pii /app
USER pii

EXPOSE 3000
# Listen on 5001. In the ECS task all containers share one network namespace
# (awsvpc) and the app owns 3000, so this sidecar must not use 3000.
EXPOSE 5001
Comment thread
greptile-apps[bot] marked this conversation as resolved.

# start-period is generous: five large spaCy models load at import before
# /health responds. Tune against measured cold-start once built.
HEALTHCHECK --interval=30s --timeout=5s --start-period=180s --retries=3 \
CMD curl -fsS http://localhost:3000/health || exit 1
CMD curl -fsS http://localhost:5001/health || exit 1

CMD ["uvicorn", "server:app", "--host", "0.0.0.0", "--port", "3000"]
CMD ["uvicorn", "server:app", "--host", "0.0.0.0", "--port", "5001"]

@greptile-apps greptile-apps Bot Jun 23, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 $PORT is ignored — exec-form CMD bypasses shell variable expansion

The PR description says "bind ${PORT} via a shell-form CMD, default 5001" and the testing section claims PORT=5002 binds 5002. But the CMD uses JSON/exec-form (["uvicorn", …, "--port", "5001"]), which is passed directly to the process without invoking a shell — $PORT is never expanded. Setting PORT=5002 in the ECS taskdef will have no effect; the container will still bind 5001. The HEALTHCHECK on line 48 also hardcodes 5001, so any env-var override would cause the health check to probe the wrong port. To match the stated intent, both lines need to use shell-form and read ${PORT:-5001}.

Suggested change
CMD ["uvicorn", "server:app", "--host", "0.0.0.0", "--port", "5001"]
CMD uvicorn server:app --host 0.0.0.0 --port ${PORT:-5001}

Loading